mirror of https://github.com/MISP/misp-galaxy
Update ransomware.json: add BlackCat (ALPHV)
parent
7d3e001633
commit
fa9829cec0
|
@ -5291,7 +5291,7 @@
|
||||||
],
|
],
|
||||||
"refs": [
|
"refs": [
|
||||||
"http://download.bleepingcomputer.com/demonslay335/AlphaDecrypter.zip",
|
"http://download.bleepingcomputer.com/demonslay335/AlphaDecrypter.zip",
|
||||||
"http://www.bleepingcomputer.com/news/security/decrypted-alpha-ransomware-continues-the-trend-of-accepting-amazon-cards/",
|
"http://www.bleepingcomputer.com/news/security/decrypted-alpha-ransomware-nues-the-trend-of-accepting-amazon-cards/",
|
||||||
"https://twitter.com/malwarebread/status/804714048499621888"
|
"https://twitter.com/malwarebread/status/804714048499621888"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
|
@ -24225,6 +24225,204 @@
|
||||||
"uuid": "feb5fa26-bad4-46da-921d-986d2fd81a40",
|
"uuid": "feb5fa26-bad4-46da-921d-986d2fd81a40",
|
||||||
"value": "WhisperGate"
|
"value": "WhisperGate"
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
"description": "BlackCat (ALPHV) is ransomware written in Rust. The ransomware makes heavy use of plaintext JSON configuration files to specify the ransomware functionality. BlackCat has many advanced capabilities like escalating privileges and bypassing UAC make use of AES and ChaCha20 or Salsa encryption, may use the Restart Manager, can delete volume shadow copies, can enumerate disk volumes and network shares automatically, and may kill specific processes and services. The ransomware exists for both Windows, Linux, and ESXi systems. Multiple extortion techniques are used by the BlackCat gang, such as exfiltrating victim data before the ransomware deployment, threats to release data if the ransomw is not paid, and distributed denial-of-service (DDoS) attacks.",
|
||||||
|
"meta": {
|
||||||
|
"date": "June 2021",
|
||||||
|
"encryption": [
|
||||||
|
"AES",
|
||||||
|
"ChaCha20",
|
||||||
|
"Salsa"
|
||||||
],
|
],
|
||||||
"version": 99
|
"ransomnotes-refs": [
|
||||||
|
"https://unit42.paloaltonetworks.com/wp-content/uploads/2022/01/word-image-78.png"
|
||||||
|
],
|
||||||
|
"refs": [
|
||||||
|
"https://malpedia.caad.fkie.fraunhofer.de/details/win.blackcat",
|
||||||
|
"https://1-id--ransomware-blogspot-com.translate.goog/2021/12/blackcat-ransomware.html?_x_tr_enc=1&_x_tr_sl=ru&_x_tr_tl=en&_x_tr_hl=ru",
|
||||||
|
"https://medium.com/s2wblog/blackcat-new-rust-based-ransomware-borrowing-blackmatters-configuration-31c8d330a809",
|
||||||
|
"https://github.com/f0wl/blackCatConf",
|
||||||
|
"https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/",
|
||||||
|
"https://www.varonis.com/blog/alphv-blackcat-ransomware",
|
||||||
|
"https://www.intrinsec.com/alphv-ransomware-gang-analysis",
|
||||||
|
"https://unit42.paloaltonetworks.com/blackcat-ransomware/"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"ALPHV"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "d74c4a7e-ffbf-432f-9365-7ebf1f787cab",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "d74c4a7e-ffbf-432f-9365-7ebf1f787cab",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
}
|
||||||
|
"uuid": "e6c09b63-a424-4d9e-b7f7-b752cbbca02a",
|
||||||
|
"value": "BlackCat"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"version": 100
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue